CVE-2023-46385
Loytec LINX Configurator 7.4.10 Insecure Transit / Cleartext Secrets
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
LOYTEC electronics GmbH LINX Configurator 7.4.10 is vulnerable to Insecure Permissions. An admin credential is passed as a value of URL parameters without encryption, so it allows remote attackers to steal the password and gain full control of Loytec device configuration.
LOYTEC electronics GmbH LINX Configurator 7.4.10 es vulnerable a permisos inseguros. Una credencial de administrador se pasa como un valor de los parámetros de URL sin cifrado, por lo que permite a atacantes remotos robar la contraseña y obtener control total de la configuración del dispositivo Loytec.
LOYTEC electronics GmbH LINX Configurator (all versions) is vulnerable to Insecure Permissions. An admin credential is passed as a value of URL parameters without encryption, so it allows remote attackers to steal the password and gain full control of Loytec device configuration.
Loytec LINX Configurator version 7.4.10 suffers from insecure transit and cleartext hardcoded secret vulnerabilities.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2023-10-23 CVE Reserved
- 2023-11-28 CVE Published
- 2024-09-20 CVE Updated
- 2024-09-21 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-319: Cleartext Transmission of Sensitive Information
CAPEC
References (4)
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Loytec Search vendor "Loytec" | L-inx Configurator Search vendor "Loytec" for product "L-inx Configurator" | 7.4.10 Search vendor "Loytec" for product "L-inx Configurator" and version "7.4.10" | - |
Affected
|